from Crypto.Cipher import AES
import binascii

def decrypt_gcm(hex_key, hex_ciphertext):
    """
    使用 AES/GCM 模式解密数据。
    假设密文结构是: IV (12字节) + 加密数据 + 认证标签 (16字节)
    """
    try:
        # 1. 将十六进制字符串转换为字节
        key = binascii.unhexlify(hex_key)
        ciphertext_bytes = binascii.unhexlify(hex_ciphertext)

        # 2. 从密文中分离出 IV, 加密数据, 和认证标签
        # GCM 标准 IV 长度通常是 12 字节 (96位)
        iv_len = 12
        # GCM 标准认证标签长度通常是 16 字节 (128位)
        tag_len = 16

        iv = ciphertext_bytes[:iv_len]
        encrypted_data = ciphertext_bytes[iv_len:-tag_len]
        auth_tag = ciphertext_bytes[-tag_len:]

        print(f"[*] 密钥 (Key): {binascii.hexlify(key).decode()}")
        print(f"[*] 初始向量 (IV): {binascii.hexlify(iv).decode()}")
        print(f"[*] 加密数据 (Encrypted Data): {binascii.hexlify(encrypted_data).decode()[:64]}...")
        print(f"[*] 认证标签 (Auth Tag): {binascii.hexlify(auth_tag).decode()}")

        # 3. 创建 AES GCM 解密器
        cipher = AES.new(key, AES.MODE_GCM, nonce=iv)

        # 4. 执行解密和验证
        plaintext = cipher.decrypt_and_verify(encrypted_data, auth_tag)

        # 5. 将解密后的字节转换为 UTF-8 字符串
        return plaintext.decode('utf-8')

    except (ValueError, KeyError) as e:
        return f"解密失败: {e}"
    except Exception as e:
        return f"发生未知错误: {e}"

# --- 从你的 Frida 日志中填入数据 ---
HEX_KEY = "2ead49fdbd4fbc537223b12762696c065ba83015c21677bb0daafb22f1969952"
HEX_CIPHERTEXT = "d21b7781d0d87ff72314fa2eca816866b992814be2dc6cd61fab49ff2498637c596ab7f12bbaa0a01a209b36ee086823ffff100434a8cebc5a52e3de326cccf6b1d5db6633572284de03259dc4a2b38e99562075f5a8d9ac6e88041ce40ae8919f74c7ae5e67c58b1eb439e9a2b6ffc3ee1ba3260f3018bc76d94ad1ea0f5e05b80365fcf32c436e406f7a8aec03837f502c6f18adce5a9cf53020339e2b800a874e6bfd14ced0f8789528c4064b8c4ca36e5990958b3e9cf5a080ef097bbcd2de004144e971b4f2219a774abe9733c826ceb4202a5cdf25ef26fba721888d78bc10935da0446b7e7f234f1f068cf10ed0619aa0f926d7c4550a71b81366f0f54f5b4dc9cffc7d500e8626b5111bb507c3aff10f256e7931a4d8b1acc802daabd9884efb621d855546bed8abbc3aaa85865fd4b4bbec402be1bc64462f17fcd32c810f359ec07c627ea5f506cbd3478c9960b58e1cc40afdaf8d2c76c060104eb089555f735a1e062b1afbfdeb83763c4b3eb1148827a1fe6dbb63c643dd73e3b6cb92a078b6fd865f17dd6c9bb18daeacae08bfb916d6057872cdf62f34e2dd7cb24e4b51f560df05090eab4a3f7da89d7be65ee33f97d33fc0d7cbed266f74f7d529966b5c19cec894d87f1bd8523acf2db1fe7e5b25b3f1e36fe61fc2c51cd2dd7fbce14b39c05c11b3b1ec4273cbd1f66bea9e5e6d5397f01633f0da2b5d75a41c7a52744797920b54e23a5be5ef27abbb46029d2bc460c2ee4d387f151955b63228def7a392ddf02df96944fd689835fd4742427c38800a8b902253991a00275166221a4c3d95dfcc2835b2c410e083261a6f938a3165b98726e496588cfe382a0989067ea7ff7e3248968574857755173420abe1b13a9b28eee569912f8c2edf28623f152c79f6893b272a1487cf1c614d3546b6d326fde63ae18171156a94f68fb8e30e7c5a31b3753f658b8ad90aa2804f4bb9f65640b109ea9f7da617cde55e296feb1896f99fc9cc48c5f588121dd2abe71a165be3f798231abeca61dd38f8a520c972b1f7b57702d4469fbbbeb3cf07b1fdace9251d412ac138f618c78b1c37892ed17170a2eff408228e02a725856b8270693ebcd1707a48429fe633c2c7acf45454e10e38a38b9bca5f9d3fdb3bd8e42ce3d0fe51d418a44bc7343ccc53f163bc523afbab23fe49fbde7a530813a443d255ba7a199240c10461312559561c54ce9df47dd61b7d7060d6fba598dd0e9671ba8b7dd30321bdf9316f5681bc011ce8c7ae993f0744057eb96d01a6e3eeb44de0eb421adbfc3a5743c9b1a1eca503fdfe0ba1ab19de641030f75512d7d726d8e1a147757af69a18f18b72b6aedc37774e4f1cb711d61dd1e357e69f83d661ff1552261a2acaa9abd19e4e65ad47066b06ab465c9eb5ef30394da0d50e1fc83a3bd12213a84d280920133009b2798bb38217239c39df457d824fddd8bdc206ad4a"

# 执行解密
decrypted_text = decrypt_gcm(HEX_KEY, HEX_CIPHERTEXT)

print("\n--- 解密结果 ---")
print(decrypted_text)

# 尝试将结果作为 JSON 格式化打印
import json
try:
    parsed_json = json.loads(decrypted_text)
    print("\n--- 格式化 JSON ---")
    print(json.dumps(parsed_json, indent=2, ensure_ascii=False))
except json.JSONDecodeError:
    print("\n[!] 结果无法解析为 JSON。")